/**
 * 2010(c) Copyright Oceansoft Information System Co.,LTD. All rights reserved.
 * <p>
 * Compile: JDK 1.6+
 * <p>
 * 版权所有(C)：江苏欧索软件有限公司
 * <p>
 * 公司名称：江苏欧索软件有限公司
 * <p>
 * 公司地址：中国苏州科技城青山路1号
 * <p>
 * 网址: http://www.oceansoft.com.cn
 * <p>
 * 作者: 090922(陈伟)
 * <p>
 * 文件名: com.oceansoft.mobile.econsole.interceptor.PrivilegeInterceptor.java 
 * <p>
 * 类产生时间: 2014-5-8 上午 11:53
 * <p>
 * 负责人: 090922(陈伟)
 * <p>
 * Email:javacspring@gmail.com
 * <p>
 * 所在组 : 掌上公安应用平台
 * <p>
 * 所在部门: 开发部--手持技术部
 * <p>
 * <p>
 */
package cn.com.oceansoft.nos.interceptor;

import cn.com.oceansoft.nos.common.util.SessionUtil;
import org.apache.log4j.Logger;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;

/**
 * 基于Controller方法的权限拦截器
 *
 * @author: chenw
 * @time: 2014-5-8 上午 11:53
 */
public class PrivilegeInterceptor implements HandlerInterceptor {

    //    Logger log = Logger.getLogger(PrivilegeInterceptor.class);
    private final Logger log = Logger.getLogger("db");

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        boolean hasPri = false;
        String msg = "";
        Object save_url_flag = request.getAttribute("IS_SAFE_URL");
        if ((null != save_url_flag && (Boolean.valueOf(save_url_flag.toString())))) {
            hasPri = true;
        } else if ((null != handler && handler instanceof HandlerMethod)) {
            HandlerMethod method = ((HandlerMethod) handler);
            msg = String.format("\n\n权限不足:====>%1$s#%2$s\n\n", method.getBean().getClass().getName(), method.getMethod().getName());
            hasPri = SessionUtil.hasPrivilege(request.getSession(), String.format("%1$s#%2$s", method.getBean().getClass().getName(), method.getMethod().getName()));
        }
        if (hasPri) {
            return true;
        } else {
            System.out.println(msg);
            if (isAjax(request)) {
                PrintWriter out = response.getWriter();
                out.println("{\"statusCode\":\"403\", \"message\":\"访问受限，请与管理员联系!\"}");
            } else {
                request.getRequestDispatcher("/WEB-INF/views/errors/403.jsp").forward(request, response);
            }
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        Object log_info = request.getAttribute("OPERATION_LOG_CONTENT");
        //记录日志
        if (log_info != null) {
            log.info(log_info);
        }
    }

    /**
     * 判断是否为AJAX请求
     *
     * @param request HttpServletRequest
     * @return true是, 反之false
     */
    public static boolean isAjax(HttpServletRequest request) {
        return request != null && "XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"));
    }
}
